Presentation given at the SWIM Seminar (University of Tsukuba) about ENKI*.
This presentation is based on the uploader's understanding of the paper and may contain inaccurate interpretations.
A summary of the paper is available at: https://mshcruz.wordpress.com/2016/07/11/summary-enki/
*Hang et al.: "ENKI: Access Control for Encrypted Query Processing". SIGMOD 2015.
DBMask: Fine-Grained Access Control on Encrypted Relational Databases - Mateus S. H. Cruz
Presentation given at the SWIM Seminar (University of Tsukuba) about DBMask*.
This presentation is based on the uploader's understanding of the paper and may contain inaccurate interpretations.
A summary of the paper is available at: https://mshcruz.wordpress.com/2016/07/15/summary-dbmask/
*Nabeel et al.: "DBMask: Fine-Grained Access Control on Encrypted Relational Databases". CODASPY 2015.
Realizing Fine-Grained and Flexible Access Control to Outsourced Data with At... - Mateus S. H. Cruz
Presentation given at the SWIM Seminar (University of Tsukuba) about the paper "Realizing Fine-Grained and Flexible Access Control to Outsourced Data with Attribute-Based Cryptosystems"*.
This presentation is based on the uploader's understanding of the paper and may contain inaccurate interpretations.
A summary of the paper is available at: https://mshcruz.wordpress.com/2016/07/22/summary-fine-grained-access-control-using-abe-and-abs/
*Zhao et al.: "Realizing Fine-Grained and Flexible Access Control to Outsourced Data with Attribute-Based Cryptosystems". ISPEC 2011.
Fast, Private and Verifiable: Server-aided Approximate Similarity Computation... - Mateus S. H. Cruz
Presentation given at the SWIM seminar (University of Tsukuba) about the paper "Fast, Private and Verifiable: Server-aided Approximate Similarity Computation over Large-Scale Datasets"*.
This presentation is based on the uploader's understanding of the paper and may contain inaccurate interpretations.
A summary of the paper is available at: https://mshcruz.wordpress.com/2016/08/05/summary-fast-private-and-verifiable-server-aided-approximate-similarity-computation-over-large-scale-datasets/
*Qiu et al.: "Fast, Private and Verifiable: Server-aided Approximate Similarity Computation over Large-Scale Datasets". SCC 2016.
Presentation given at the KDE Seminar (University of Tsukuba) about CryptDB*.
This presentation is based on the uploader's understanding of the paper and may contain inaccurate interpretations.
A summary of the paper is available at: https://mshcruz.wordpress.com/2016/06/24/summary-cryptdb/
The official website for CryptDB is: http://css.csail.mit.edu/cryptdb/
*Popa et al.: "CryptDB: Protecting Confidentiality with Encrypted Query Processing". SOSP 2011.
Privacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the Cloud - Mateus S. H. Cruz
The document proposes a method for privacy-preserving multi-keyword fuzzy search over encrypted data. It uses Bloom filters to represent encrypted indexes and queries, and locality-sensitive hashing functions to allow fuzzy matching of keywords. An inner product calculation is used to determine the similarity between encrypted indexes and queries. The proposal includes an enhanced scheme that adds a pseudorandom function for additional security against background knowledge attacks. Experiments demonstrate the performance and accuracy of the approach.
Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Stro... - Mateus S. H. Cruz
This document summarizes a research paper that proposes an encrypted search scheme using an inverted index to allow for multi-keyword queries on encrypted data. The key contributions are: (1) supporting the reuse of the same encrypted index for multiple queries while preserving query privacy, (2) enabling conjunctive multi-keyword searches, and (3) providing efficiency by only using multiplication and exponentiation operations. The proposed scheme uses an encrypted inverted index along with trapdoor generation and private set intersection techniques to enable accurate yet private searches on outsourced encrypted data.
Fuzzy Keyword Search over Encrypted Data in Cloud Computing - Mateus S. H. Cruz
The document proposes a wildcard-based approach for efficient fuzzy keyword search over encrypted data stored in the cloud. It aims to address the large fuzzy sets and high storage costs of the straightforward approach by using wildcards to denote edit operations. This allows for a more efficient construction of smaller fuzzy sets and reduced storage requirements, while still maintaining search privacy.
Presentation given at the SWIM Seminar (University of Tsukuba) about MONOMI*.
This presentation is based on the uploader's understanding of the paper and may contain inaccurate interpretations.
A summary of the paper is available at: https://mshcruz.wordpress.com/2016/07/01/summary-monomi/
*Tu et al.: "Processing Analytical Queries over Encrypted Data". VLDB 2013.
Privacy-Preserving Search for Chemical Compound Databases - Mateus S. H. Cruz
Presentation about the paper "Privacy-Preserving Search for Chemical Compound Databases"*.
This presentation is based on the uploader's understanding of the paper and may contain inaccurate interpretations.
A summary of the paper is available at: https://mshcruz.wordpress.com/2016/09/02/summary-privacy-preserving-search-for-chemical-compound-databases/
*Shimizu et al.: "Privacy-Preserving Search for Chemical Compound Databases". BMC Bioinformatics 2015.
KLEE is a symbolic virtual machine built on LLVM that generates automatic tests with high coverage by using symbolic execution and constraint solving. It is the successor to a similar tool called EXE and uses STP as its constraint solver. KLEE allows testing programs with symbolic inputs to achieve high code coverage and find bugs.
These slides contain an introduction to Symbolic execution and an introduction to KLEE.
I made this for a small demo/intro for my research group's meeting.
This document proposes a new effective RC4 stream cipher and analyzes its security. It combines two existing RC4 modifications: the Improved RC4 cipher by Jian Xie et al. and the Modified RC4 cipher by T.D.B. Weerasinghe. The performance and secrecy of the new cipher are analyzed and tested against the original RC4 and the two modifications it combines. Results show the new cipher has significantly lower encryption times and higher throughput than the original RC4, demonstrating improved performance. Secrecy analysis based on Shannon's theory also indicates the new cipher has higher secrecy than the original and modified RC4 ciphers it combines.
RSA and OAEP
Diffie-Hellman Key Exchange and its Security Aspects
Model of Asymmetric Key Cryptography
Factorization and other methods for Public Key Cryptography
Template Protection with Homomorphic Encryption - Tolun Tosun
This document discusses using homomorphic encryption to perform biometric template matching and verification in an encrypted domain. It describes how homomorphic encryption allows certain arithmetic operations to be performed on encrypted data, enabling distance calculations to be done on encrypted biometric templates without decrypting them. Two methods are summarized: one using the semi-homomorphic Paillier cryptosystem to compute Euclidean and cosine distances, and one using a somewhat homomorphic R-LWE system to compute dot products. Both methods meet the requirements of biometric template protection by providing irreversibility and unlinkability of templates.
This document analyzes a modified version of the RC4 stream cipher algorithm. The original RC4 algorithm is described, along with its key scheduling algorithm and pseudo-random generation algorithm. The modified algorithm makes a small change to the output generation by adding an additional parameter to the XOR operation. Tests were conducted to analyze the secrecy and performance of the modified algorithm compared to the original RC4 algorithm over variable key lengths and data sizes. The results showed that the modified algorithm had better secrecy and comparable or better performance than the original RC4 algorithm.
Cs8792 cns - Public key cryptosystem (Unit III) - ArthyR3
This document provides an overview of public key cryptography and asymmetric key ciphers. It begins with the underlying mathematics including primes, primality testing, factorization, Euler's totient function, Fermat's theorem, and exponentiation. It then discusses asymmetric key ciphers like RSA and Diffie-Hellman key exchange. RSA is described in more detail, including how public and private key pairs are generated using large prime numbers and exponentiation modulo a composite integer. Security relies on the difficulty of factoring large numbers.
The document discusses closures and functional programming, noting that closures allow defining functions with little syntax and are reusable blocks of code that capture their enclosing environment. It provides an agenda covering closure concepts, examples of functional programming with closures, and using closures for refactoring code.
Symbolic Reasoning and Concrete Execution - Andrii Vozniuk
Higher-order test generation and symbolic execution with mixed concrete-symbolic solving are two approaches to dealing with imprecision caused by complex functions in test generation. Higher-order test generation models concretization symbolically using a higher-order logic and relies on validity proofs, while symbolic execution with mixed solving splits constraints into simple and complex parts, solves the simple part concretely, and uses those solutions to simplify the complex part, relying on standard constraint solving. Both approaches improve on dynamic test generation but are theoretical, sound but incomplete.
This document discusses ring-based homomorphic encryption schemes and compares the efficiency of four schemes: BGV, FV, NTRU, and YASHE. The schemes are analyzed by measuring ciphertext size under varying parameters like plaintext modulus size and circuit depth. For small plaintext sizes, YASHE is most efficient, but BGV generally performs best as plaintext size increases. The analysis provides a starting point for comparing ring-based schemes but could be improved with a stricter security analysis.
Homomorphic encryption allows computations to be performed on encrypted data without decrypting it first. This document discusses homomorphic encryption techniques including partially homomorphic encryptions that support either addition or multiplication operations, and fully homomorphic encryption introduced by Craig Gentry that supports both types of operations. It also covers the use of ideal lattices in lattice-based cryptosystems and the bootstrapping technique used to "refresh" ciphertexts and prevent noise from accumulating during homomorphic computations.
The document summarizes research on constructing the first threshold and proactive pseudo-random permutation (PRP). It presents a new oblivious distributed pseudo-random function and uses it with the Luby-Rackoff construction to build a distributed PRP. The protocol allows n servers to compute encryptions/decryptions in O(1) rounds as long as fewer than (n-1)/2 servers are corrupted. It enables protocols like authenticated encryption to be made distributed.
The document discusses defect prevention software tools for analyzing source code quality and design. It provides examples of static analysis violations detected in sample Java code for a CommaHyphenString class, including unused variables, short variable names, and lack of documentation. It also includes maintainability and complexity metrics for the sample class calculated by the VizzMaintenance tool.
Use of an Oscilloscope - maXbox Starter33 - Max Kleiner
This is an oscilloscope introduction that uses several sources for input. My hope is that it encourages a few future scientists to experiment and get in touch with new waves ~.
Oscilloscopes are one of the few pieces of electronic equipment that play multiple roles and can be used in place of other electronic equipment.
The document discusses various code tuning techniques to optimize code performance, including unswitching loops, unrolling loops, caching frequently used values, initializing data at compile time, using sentinels in search loops, putting the busiest loop on the inside, pre-computing results, and using integers instead of floating point variables. It provides examples of each technique in different programming languages and the measured time savings from applying each optimization, with some optimizations yielding up to 90% faster execution time. The key message is that minor changes to code implementation through these techniques can significantly improve performance, but optimizations must be carefully tested.
Lattice-Based Cryptography: CRYPTANALYSIS OF COMPACT-LWE - Priyanka Aash
Destructive and constructive methods in lattice-based cryptography will be discussed.
Topic 1: Cryptanalysis of Compact-LWE. Authors: Jonathan Bootle; Mehdi Tibouchi; Keita Xagawa
Topic 2: Two-message Key Exchange with Strong Security from Ideal Lattices. Authors: Zheng Yang; Yu Chen; Song Luo
(Source: RSA Conference USA 2018)
This document discusses SystemVerilog assertions (SVA). It introduces SVA and explains that assertions are used to document design functionality, check design intent is met, and determine if verification tested the design. Assertions can be specified by the design or verification engineer. The document outlines the key building blocks of SVA like sequences, properties, and assertions. It provides examples of different types of assertions and how they are used. Key concepts discussed include implication, timing windows, edge detection, and repetition operators.
This document discusses closures and functional programming. It begins with an agenda that covers closures as code blocks, their history in languages like Lisp and Scheme, examples of functional programming, and using closures for refactoring. It then discusses a case study on experiences with a polygraph design, including optimizations with closures, packaging, and applying the Demeter principle. Finally, it provides links for further reading on closures.
The document summarizes cryptographic algorithms DES and AES. It describes the basic concepts of encryption, the history and workings of DES including key generation and encryption/decryption processes. It then explains the AES cipher which was selected to replace DES, including the cipher structure involving substitution, shifting, mixing and adding round keys in multiple rounds of processing. The key expansion process is also summarized.
The document discusses advanced cryptographic techniques for securing cloud computing. It introduces fully homomorphic encryption and functional encryption. Fully homomorphic encryption allows computations to be performed on encrypted data and obtain encrypted results, providing privacy for cloud data and computations. Functional encryption allows decryption of ciphertexts using secret keys to reveal specific functions of the plaintext without other information. The document proposes constructing an efficient fully homomorphic encryption scheme based on learning with errors to enable encrypted computations in cloud computing.
Toward an Understanding of the Processing Delay of Peer-to-Peer Relay Nodes - Academia Sinica
Peer-to-peer relaying is commonly used in real-time applications to cope with NAT and firewall restrictions and to provide better-quality network paths. As relaying is not natively supported by the Internet, it is usually implemented at the application layer. Also, in a modern operating system the processor is shared, so the receive-process-forward cycle for each relayed packet may take a considerable amount of time if the host is busy handling other tasks. Thus, if we happen to select a loaded relay node, the relaying may introduce significant delays to the packet transmission time and even degrade the application performance.
In this work, based on an extensive set of Internet traces, we pursue an understanding of the processing delays incurred at relay nodes and their impact on the application performance. Our contribution is three-fold: 1) we propose a methodology for measuring the processing delays at any relay node on the Internet; 2) we characterize the workload patterns of a variety of Internet relay nodes; and 3) we show that serious VoIP quality degradation may occur due to relay processing, so the processing delays of a relay node have to be monitored continuously to prevent the application performance from being degraded.
The concept of a motion-image-based wireless monitoring and control system, the main requirements from the M2M communities, and the related encryption method of the wireless system are described. Section I is the introduction to the M2M system; section II is the concept for the scrambling of motion-image-based video signals with a transcendental number that is iterated over a Fibonacci prime number sequence, with video time stamp and user pass phrase ...
A New Approach for Video Encryption Based on Modified AES Algorithm - iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Encryption and Compression of Audio-Video Data Using Enhanced AES and J-Bit A... - ijsrd.com
AES is considered a good encryption algorithm in terms of providing security to a network when passing information (data) in the form of audio, strings, video, or any other form. However, it yields a low throughput, resulting in slowness and increased energy consumption of a server or an application. The Enhanced AES algorithm proposed in this paper works by using sequence counters and provides improved throughput compared to the conventional AES algorithm. J-Bit Encoding is a lossless compression algorithm which does not decrease quality but reduces the size of the data to some extent. It has been observed that the proposed encryption algorithm integrated with the J-Bit Encoding algorithm provides effective security measures as well as increased throughput and less bandwidth usage, since the actual size of the data is not sent over the network.
This document discusses Ring-Learning With Errors (Ring-LWE) and its application to fully homomorphic encryption schemes. Specifically, it covers Ring-LWE based cryptosystems, the leveled fully homomorphic encryption scheme of Brakerski, Vaikuntanathan and Gentry (BGV) as implemented in the HElib library, and example code demonstrations using HElib. Notations used include integers modulo q, polynomial rings, and cyclotomic polynomials.
Privacy preserving multi-keyword ranked search over encrypted cloud dataIGEEKS TECHNOLOGIES
This document proposes a system called privacy-preserving multi-keyword ranked search over encrypted cloud data (MRSE). Existing searchable encryption systems only support single-keyword or boolean keyword search without result ranking. The proposed MRSE system allows multi-keyword searches over encrypted cloud data and ranks the results based on relevance to the search keywords. It establishes privacy requirements and uses an efficient "coordinate matching" semantic to capture document relevance. The system architecture includes modules for data users, owners, file upload/download and rank search over encrypted data.
Encryption converts plaintext into ciphertext using an algorithm and key. Gaussian elimination with partial pivoting and row exchange is used to encrypt images by converting the image matrix to an upper triangular matrix and generating a decryption key. The encrypted image matrix and key can then be multiplied to recover the original image matrix and decrypt the image. This algorithm allows for faster encryption time while still producing robust encryption to prevent unauthorized access to images.
This document discusses different grazing systems and strategies for extending the grazing season, including management intensive grazing using 17 or more pastures, stockpiling excess forage, and planting cool season annuals like wheat. It then summarizes a study where wheat was planted and grazed, finding that wheat grazing provided 38 days of forage and was approximately cost effective compared to feeding hay. The goal was to extend the grazing season and wheat helped provide forage during a period of summer drought.
The document summarizes several music sharing applications for PR practitioners:
1) Ping focuses on mainstream music available on iTunes and allows artists to connect with fans on a Twitter-like feed.
2) MySpace Music/Imeem is ideal for fresh and indie artists to upload and share their work for free while discovering new music directly from artists.
3) Bandcamp is also well-suited for new artists to sell music directly to fans for a small posting fee that varies by artist with a name-your-price option for albums.
Riding the Age Wave: Will Your Club Sink or Swim?theGrapevine411
Riding the Age Wave: Will your club sink or swim? discusses how the aging population, specifically baby boomers and the responsible generation, will reshape supply and demand for businesses. Approximately 78 million boomers and 32 million from the responsible generation will be over 50 years old within 20 years, with 80% of population growth coming from those over 50. To succeed, businesses need to understand the motivations, behaviors, and preferences of these generations in order to adapt their marketing, programs, and services to attract and retain older adult customers.
This document provides an agenda and notes for an HBase training course. The agenda includes covering course credit, hands-on exercises for installing tm-puppet and writing CRUD codes, an overview of the Client API basics and advanced features, and references. The general notes section provides information on atomic mutations, thread safety with HTable instances, and configuration. The document then covers specifics of the Put, Get, Delete, batch operations, row locks, and scan methods of the Client API. It concludes with a hands-on exercise asking students to write CRUD code against an HBase table and describes requirements for completing and submitting the code.
Shape Safety in Tensor Programming is Easy for a Theorem Prover -SBTB 2021Peng Cheng
This document discusses the Shapesafe project, which uses dependent types in Scala to enable type-safe linear algebra operations. It aims to push type safety to the extreme by exploring symbolic reasoning and weird operands. The author maintains Shapesafe uses the Curry-Howard isomorphism to translate proofs to functional programs. Moving forward, Shapesafe could benefit from Scala 3's improved type inference and implicit resolution, though some Shapeless features may need to be reimplemented. The end goal is to integrate Shapesafe into machine learning libraries to catch errors at compile-time.
The document discusses the introduction and advantages of lambda expressions and functional programming in Java 8. Some key points include:
- Lambda expressions allow passing behaviors as arguments to methods, simplifying code by removing bulky anonymous class syntax. This enables more powerful and expressive APIs.
- Streams provide a way to process collections of data in a declarative way, leveraging laziness to improve efficiency. Operations can be pipelined for fluent processing.
- Functional programming with immutable data and avoidance of side effects makes code more modular and easier to reason about, enabling optimizations like parallelism. While not natively supported, Java 8 features like lambda expressions facilitate a more functional approach.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1eZv11J.
Simon Ritter discusses the syntax and use of Lambda expressions, focusing on using Streams to greatly simplify the way bulk and aggregate operations are handled in Java. Filmed at qconlondon.com.
Simon Ritter is a Java Technology Evangelist at Oracle Corporation. Simon has been in the IT business since 1984 and holds a Bachelor of Science degree in Physics from Brunel University in the U.K.
The document discusses optimizing Tcl bytecode. It provides an overview of Tcl's evaluation strategy using bytecode and discusses opportunities to improve bytecode compilation coverage, generation, and optimization. The author outlines work done to compile more commands to bytecode, improve bytecode for operations like list concatenation, and add an initial bytecode optimizer. Benchmark results show performance improvements from these changes ranging from 10-40% depending on the operation. Future work is needed to fully optimize control flow, eliminate dead code, and close the gap between the assembler and optimizer.
This document presents a synopsis for research on sensitive data protection in database as a service. It discusses the problem of protecting sensitive data when outsourcing databases to the cloud. The proposed solution uses a two-layer encryption method for sensitive data at the client side along with an access control mechanism at the server side to control user query access and maintain role hierarchies. Performance analysis shows the approach secures data from attacks while supporting SQL queries and controlling privilege escalation for sensitive data in outsourced databases.
The Ring programming language version 1.10 book - Part 93 of 212Mahmoud Samir Fayed
This document describes various functions in the Ring programming language for obtaining runtime information. These include functions to return lists of functions, classes, packages, memory scopes and variables, call stacks, loaded files, and for setting trace functions to monitor program execution events. The functions provide concise introspection of a Ring program and enable tools like debuggers, profilers and tracers.
The document describes the "Cake Pattern" which is an alternative to dependency injection in Swift. It uses protocols, extensions and constraints to compose services in a modular way. Key aspects include defining services with protocols, implementing them with extensions, creating component protocols that wire services together, and applying constraints to determine behaviors based on types composed together. The Cake Pattern provides a standardized way to structure applications around loosely coupled, independently-developed components and services.
Incremental View Maintenance for openCypher QueriesGábor Szárnyas
Presented at the Fourth openCypher Implementers Meeting
Numerous graph use cases require continuous evaluation of queries over a constantly changing data set, e.g. fraud detection in financial systems, recommendations, and checking integrity constraints. For relational systems, incremental view maintenance has been researched for three decades, resulting in a wide body of literature. The property graph data model and the openCypher language, however, are recent developments, and therefore lack established techniques to perform efficient view maintenance. In this talk, we give an overview of the view maintenance problem for property graphs, discuss why it is particularly difficult and present an approach that tackles a meaningful subset of the language.
GraphQL is a query language for APIs that solves issues with REST APIs like over- and under-fetching of data. It allows clients to define the structure and relationships of the data required in a single query. Resolvers retrieve the data from various sources and shape it according to the query. Different fetching strategies like batching and foresightful approaches can retrieve data more efficiently. GraphQL has built-in type safety and introspection capabilities that make it a robust alternative to REST for modern app development.
St Petersburg R user group meetup 2, Parallel RAndrew Bzikadze
This document provides an overview of parallel computing techniques in R using various packages like snow, multicore, and parallel. It begins with motivation for parallelizing R given its limitations of being single-threaded and memory-bound. It then covers the snow package which enables explicit parallelism across computer clusters. The multicore package provides implicit parallelism using forking, but is deprecated. The parallel package acts as a wrapper for snow and multicore. It also discusses load balancing, random number generation, and provides examples of using snow and multicore for parallel k-means clustering and lapply.
Solr provides concise summaries of key points from the document:
1. Solr discusses its search architecture including the use of Thrift for service encapsulation and reduced network traffic. Only IDs are returned from searches to reduce index size and enable easy scaling of primary key lookups.
2. Load balancing is discussed, including an algorithm that hashes the query and number of servers to provide server affinity while distributing load evenly.
3. Replication of the index is covered, including challenges with multicast and an implementation using BitTorrent to efficiently replicate files.
This document summarizes key parts of Java 8 including lambda expressions, method references, default methods, streams API improvements, removal of PermGen space, and the new date/time API. It provides code examples and explanations of lambda syntax and functional interfaces. It also discusses advantages of the streams API like lazy evaluation and parallelization. Finally, it briefly outlines the motivation for removing PermGen and standardizing the date/time API in Java 8.
chapter3 evemt handling and delighted model java mcq important mcq for 2023bhagatsadesh96
This document contains questions and answers related to advanced Java programming topics such as networking. It includes 100 multiple choice questions covering topics like TCP, UDP, sockets, InetAddress, URL, URLConnection classes. The questions assess understanding of concepts like connection-oriented vs connectionless protocols, port numbers, IP addresses, methods of various networking classes etc.
Explaining the Postgres Query Optimizer (Bruce Momjian)Ontico
The document discusses how the Postgres query optimizer works. It explains that the optimizer determines the fastest method to execute SQL queries by interpreting them and generating optimal execution plans. It shows how the optimizer may choose different plans like index scans, bitmap index scans, or sequential scans based on factors like the distribution of data and how common or rare a value is in the table. It demonstrates this behavior using the EXPLAIN command on different sample queries against a temporary table.
The document discusses using algorithmic test generation to improve functional coverage in existing verification environments. It describes limitations of current constrained random stimuli generation techniques for complex designs. Algorithmic test generation uses rule graphs and action functions to efficiently target coverage goals without requiring extensive changes to verification environments. A case study shows algorithmic test generation achieved coverage goals over 600x faster than constrained random for an AXI bus bridge design while requiring minimal changes to the testbench.
Lambda Chops - Recipes for Simpler, More Expressive CodeIan Robertson
While the new Streams API has been a great showcase for lambda methods, there are many other ways this new language feature can be used to make friendlier APIs and more expressive code. Lambdas can be used for a number of tasks which historically required significant boilerplate, type-unsafe constructs, or both. From new ways to express metedata, to emulating Groovy's null-safe navigation operator, we'll take a look at a myriad of ways, big and small, that you can use lambdas to improve APIs and streamline your code. We'll also look at some of the limitations of lambdas, and some techniques for overcoming them.
Similar to ENKI: Access Control for Encrypted Query Processing (20)
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
ENKI: Access Control for Encrypted Query Processing
1. ENKI: Access Control for Encrypted Query Processing
Isabelle Hang, Florian Kerschbaum, and Ernesto Damiani
ACM SIGMOD International Conference on Management of Data
Melbourne, Victoria, Australia, May 2015
SWIM Seminar
November 27, 2015
Mateus Cruz
4. Introduction Access Control Query Rewriting Proxy Re-Encryption Split Execution Experiments Summary
OVERVIEW
Query data encrypted using different keys
– Access control enforced by encryption
Secure proxy re-encryption
– Non-transitive and non-symmetric
Split query execution
– Less computation on the client
37% performance overhead
1 / 33
5. REVIEW: CRYPTDB
SQL queries over encrypted data
Proxy controls access
Limitations
– Column-level as minimum granularity
– Onions of encryption: decreasing security, storage overhead
6. ARCHITECTURE
Threat model
– Passive attacker
– Attacks on clients are out of scope
8. ACCESS CONTROL MATRIX
Rows correspond to subjects (|S| = n)
Columns correspond to objects (O)
A value of 1 represents a granted right (read, update or delete)
No support for different rights (e.g. read-only)
Example
User    t1  t2  t3  t4  t5
Alice    0   1   1   1   1
Bob      1   1   0   1   0
9. QUALIFIED SET (QS_i)
Set of subjects with access to an object
– Column of the access control matrix
– Never empty
Example
User    t1  t2  t3  t4  t5
Alice    0   1   1   1   1
Bob      1   1   0   1   0
QS_{t4} = {1, 1} (the column of t4), so Alice and Bob both have access to t4.
10. USER GROUPS (p_i)
p_i ∈ P*(S)
P*(S): power set of all subjects S (without ∅)
Example
p1 = {Alice} := A
p2 = {Bob} := B
p3 = {Alice, Bob} := AB
11. USER GROUP MAPPING
User group mapping
– Assigns users to the groups they participate in
Example
User    User Group
Alice   A
Alice   AB
Bob     B
Bob     AB
12. OBJECT SET (O(p_i))
Objects accessible by the same user group
The object sets O(p_i) form a partition of O
O(p_i) = {o | o ∈ O ∧ QS_o = p_i}
Example
User    t1  t2  t3  t4  t5
Alice    0   1   1   1   1
Bob      1   1   0   1   0
p1 = {Alice}, p2 = {Bob}, p3 = {Alice, Bob}
O(p1) = {t3, t5}
O(p2) = {t1}
O(p3) = {t2, t4}
14. VIRTUAL RELATION
Relation corresponding to one object set
– One user group can access all of its tuples
Virtual relation mapping
– Specified and maintained by the data owner
Example
User Group   Relation   Virtual Relation
A            R          R_A
B            R          R_B
AB           R          R_AB
16. ENCRYPTION OF RELATIONS
The data owner splits R
– Virtual relations: R_A, R_B, R_AB
– Same schema as R
The data owner generates encryption keys
– One key per group
– Distributed to the group members
– The number of keys each user holds depends on the number of groups she participates in
Example
Generate key r_a for group A and encrypt R_A:
κ_{r_a}(R_A) = {κ_{r_a}(t) | t ∈ R_A}
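Worked example (added here; not code from the slides or from the ENKI paper): the Python below derives the structures of the access control slides from the matrix shown above. It computes the qualified set of every object, the busy user groups and their object sets (a partition of O), the user group and virtual relation mappings, one key per group handed only to that group's members, and the virtual relations over which a query issued by Alice is rewritten. The function names, the initial-letter group labels and the randomly generated keys are this example's own assumptions.

```python
# Added example (not code from the ENKI paper or the slides): derive ENKI's
# data model (qualified sets, busy user groups, object sets, virtual relations,
# one key per group) from an access control matrix. All function names are
# this example's own; group labels use user initials, as the slides do.
import os
from typing import Dict, FrozenSet, List, Tuple

# Constructed matrix taken from the slides: rows are subjects, columns objects,
# 1 = right granted (read, update or delete; no finer-grained rights).
MATRIX: Dict[str, Dict[str, int]] = {
    "Alice": {"t1": 0, "t2": 1, "t3": 1, "t4": 1, "t5": 1},
    "Bob":   {"t1": 1, "t2": 1, "t3": 0, "t4": 1, "t5": 0},
}


def label(group: FrozenSet[str]) -> str:
    """Group label from initials: {Alice} -> 'A', {Alice, Bob} -> 'AB'."""
    return "".join(sorted(u[0] for u in group))


def qualified_set(matrix: Dict[str, Dict[str, int]], obj: str) -> FrozenSet[str]:
    """QS_o: the subjects whose row holds a 1 in column o."""
    return frozenset(u for u, row in matrix.items() if row.get(obj, 0) == 1)


def object_sets(matrix: Dict[str, Dict[str, int]]) -> Dict[FrozenSet[str], List[str]]:
    """O(p) = {o | QS_o = p}. Only busy groups (non-empty object set) appear, and
    the object sets partition O because every object has exactly one QS_o."""
    objects = sorted({o for row in matrix.values() for o in row})
    result: Dict[FrozenSet[str], List[str]] = {}
    for o in objects:
        qs = qualified_set(matrix, o)
        if not qs:
            raise ValueError(f"{o}: a qualified set must never be empty")
        result.setdefault(qs, []).append(o)
    return result


def user_group_mapping(osets: Dict[FrozenSet[str], List[str]]) -> Dict[str, List[str]]:
    """User group mapping: each user -> labels of the busy groups she is in."""
    mapping: Dict[str, List[str]] = {}
    for group in osets:
        for user in group:
            mapping.setdefault(user, []).append(label(group))
    return {u: sorted(g) for u, g in mapping.items()}


def virtual_relations(relation: str, osets: Dict[FrozenSet[str], List[str]]) -> Dict[str, str]:
    """Virtual relation mapping: one R_p per busy group (R_A, R_B, R_AB)."""
    return {label(g): f"{relation}_{label(g)}" for g in osets}


def generate_group_keys(osets: Dict[FrozenSet[str], List[str]]) -> Tuple[Dict[str, bytes], Dict[str, Dict[str, bytes]]]:
    """One fresh key per busy group; each user receives only her groups' keys."""
    keys = {label(g): os.urandom(16) for g in osets}
    per_user: Dict[str, Dict[str, bytes]] = {}
    for g in osets:
        for user in g:
            per_user.setdefault(user, {})[label(g)] = keys[label(g)]
    return keys, per_user


def relations_for_query(user: str, relation: str, osets: Dict[FrozenSet[str], List[str]]) -> List[str]:
    """Query rewriting target: the issuer's query is rewritten over the virtual
    relations of every busy group she belongs to, each under that group's key."""
    vr = virtual_relations(relation, osets)
    return sorted(vr[label(g)] for g in osets if user in g)
```

Running object_sets on the constructed matrix yields O(A) = {t3, t5}, O(B) = {t1} and O(AB) = {t2, t4}, and relations_for_query("Alice", "R", ...) returns R_A and R_AB, which is exactly the pair of virtual relations every rewritten query for Alice ranges over on the following slides.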
18. QUERY REWRITING
Queries over more than one virtual relation
Performed by the ENKI Query Adapter
19. REWRITING STRATEGIES
Selection
Projection
Rename
Count
Set union
Cartesian product
21. SELECTION: σ_{αθβ}(R)
Predicate θ ∈ {=, <, ≤, >, ≥}
α, β (e.g. attributes, constants)
Encrypt αθβ for both virtual relations:
– κ_{r_a}(α) θ κ_{r_a}(β) (for key r_a)
– κ_{r_ab}(α) θ κ_{r_ab}(β) (for key r_ab)
Example
(σ_{αθβ}(R), Alice) = σ_{κ_{r_a}(α) θ κ_{r_a}(β)}(κ_{r_a}(R_A)) ∧ σ_{κ_{r_ab}(α) θ κ_{r_ab}(β)}(κ_{r_ab}(R_AB))
                    = {κ_{r_a}(t) | t ∈ R_A ∧ κ_{r_a}(α) θ κ_{r_a}(β)} ∪ {κ_{r_ab}(t) | t ∈ R_AB ∧ κ_{r_ab}(α) θ κ_{r_ab}(β)}
22. CARTESIAN PRODUCT: R × S
Tuple from R: r
Tuple from S: s
Example
(R × S, Alice) = {κ_{r_a}(r)κ_{s_a}(s) ∨ κ_{r_a}(r)κ_{s_ab}(s) ∨ κ_{r_ab}(r)κ_{s_a}(s) ∨ κ_{r_ab}(r)κ_{s_ab}(s) | r ∈ (R_A ∨ R_AB) ∧ s ∈ (S_A ∨ S_AB)}
23. OTHER OPERATIONS
Update, delete and insert are also supported
Queries that modify the schema are supported
– They must also modify the schemas of the virtual relations
27. PROBLEM
Example
Alice has key r_a, Bob has key r_b, and both have key r_ab.
Suppose a comparison between R_A and R_AB.
Proxy re-encryption of keys r_a and r_ab to r_c: r_a ∼ r_c and r_ab ∼ r_c.
Symmetry and transitivity allow r_a ∼ r_c ∼ r_ab.
So Bob can access Alice's data.
28. ALGORITHMS
Parameter generation
Key generation
Encryption
Token
– Input: two keys k_i and k_j
– Output: token to proxy re-encrypt k_i to k_j, T = Token(k_i, k_j)
Proxy re-encryption
– Input: ciphertext C and token T
– Output: ciphertext C' = Pre(C, T)
29. TEMPORARY RE-ENCRYPTION
A ciphertext can be re-encrypted only once
Persisting a re-encryption restricts usability
Temporary re-encryption
– Base values: values initially encrypted
– DetPre values: temporarily re-encrypted values
– Concatenate DetPre to Base
– Delete DetPre after the user logs out
30. EXECUTING EQUI-JOINS
Execute the join on the virtual relations
– Encrypted with different keys
– Re-encrypt with a shared key
Also encrypt the join condition
Example
(R ⋈_{A_i = B_i} S, Alice) = {κ_c(r)κ_c(s) | r ∈ (R_A ∨ R_AB) ∧ s ∈ (S_A ∨ S_AB) ∧ κ_c(r_i) θ κ_c(s_j)}
32. EXECUTING AGGREGATE FUNCTIONS
Aggregate functions over virtual relations
– Encrypted with different keys
Proxy re-encryption could be used
– Depends on the encryption scheme used
Example
For SUM, the Paillier cryptosystem can be used.
Problem: creating a secure proxy re-encryption for the Paillier cryptosystem is either hard to construct or expensive.
33. CLIENT-SERVER SPLIT EXECUTION
Compute partial results on the server
– Results for each virtual relation
Generate the final result on the client
– Decrypt the partial results
– Compute F_Agg for the final result
34. SUPPORTED AGGREGATIONS
Maximum
Minimum
Sum
Average
Sort
36. MAXIMUM
Example
On the server, compute:
Res(R_A) = Max(R_A)
Res(R_AB) = Max(R_AB)
On the client, compute:
F_Max = Max(Max(R_A), Max(R_AB))
40. MULTI USER MODE OVERHEAD
Overhead of multi user mode: 37%
41. IMPACT OF QUERY REWRITING
42. IMPACT OF NUMBER OF USER GROUPS
43. IMPACT OF POST-PROCESSING
48. Rewriting Strategies Proxy Re-Encryption Split Execution System Execution Flow Key Management
RENAME: ρ_{Q←A_i}(R)
Rename ρ of an attribute A_i ∈ R to Q
Encrypt the new attribute name
– Use the keys of the virtual relations
The rename is not persisted
Example
(ρ_{Q←A_i}(R), Alice) = ρ_{κ_{r_a}(Q)←κ_{r_a}(A_i)}(κ_{r_a}(R_A)) ∪ ρ_{κ_{r_ab}(Q)←κ_{r_ab}(A_i)}(κ_{r_ab}(R_AB))
49. COUNT: β γ_{Count(A_i)}(R)
Executed on the server side
Counts the values of attribute A_i
Sum the partial results from the virtual relations
Example
(β γ_{Count(A_i)}(R), Alice) = κ_{r_a}(β) γ_{Count(κ_{r_a}(A_i))}(κ_{r_a}(R_A)) + κ_{r_ab}(β) γ_{Count(κ_{r_ab}(A_i))}(κ_{r_ab}(R_AB))
50. SET UNION: R ∪ S
Union between two relations R and S
– Same set of attributes
Example
(R ∪ S, Alice) = {κ_{r_a}(t) | t ∈ R_A} ∪ {κ_{r_ab}(t) | t ∈ R_AB} ∪ {κ_{s_a}(t) | t ∈ S_A} ∪ {κ_{s_ab}(t) | t ∈ S_AB}
52. PARAMETER GENERATION
Receives a security parameter λ
Generates a prime number p
Generates two groups G_1, G_2 of order p
Generates a map e : G_1 × G_1 → G_2
Chooses a random generator G ∈ G_1
53. KEY GENERATION
Choose a random k_i ∈ Z_p
54. ENCRYPTION
Receives a plaintext m and a key k_i
Generates the ciphertext C = G^{m·k_i} ∈ G_1
55. TOKEN
Receives two keys k_i and k_j
Generates a token T for proxy re-encryption: T = G^{k_j / k_i} ∈ G_1
56. PROXY RE-ENCRYPTION
Receives a ciphertext C encrypted with k_i
Generates a ciphertext C' encrypted with k_j:
C' = e(C, T)
   = e(G^{m·k_i}, G^{k_j / k_i})
   = e(G, G)^{m·k_i·k_j / k_i}
   = e(G, G)^{m·k_j}
   = g^{m·k_j} ∈ G_2
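Worked example (added here; not code from the ENKI paper or the slides): a toy model of the re-encryption algebra on slides 52 to 56. A real deployment needs a bilinear pairing group; this model represents each element G^x or e(G,G)^x by its exponent x modulo a small constructed prime, which amounts to assuming a discrete-log oracle and gives no security at all. What it does show is that Enc, Token and Pre compose exactly as in the derivation above, that two values encrypted under different group keys (r_a and r_ab, say) become comparable once both are re-encrypted to a shared key k_c, which is what the equi-join on slide 30 relies on, and that a Pre output lives in G_2 and cannot be fed back into Pre, matching "a ciphertext can be re-encrypted only once". The prime, the key values and all names are this example's assumptions.

```python
# Added example (not code from the ENKI paper): a toy model of the slides'
# proxy re-encryption algebra. A group element G^x or e(G,G)^x is represented
# by its exponent x modulo a small constructed prime P, i.e. the model assumes
# a discrete-log oracle and provides NO security; it only checks that the
# derived equations hold and that a G2 output cannot be fed back into Pre.
import secrets
from dataclasses import dataclass

P = 1_000_003  # constructed small prime standing in for the group order p


@dataclass(frozen=True)
class G1:
    """Element G^exp of the source group G_1."""
    exp: int


@dataclass(frozen=True)
class G2:
    """Element e(G, G)^exp = g^exp of the target group G_2."""
    exp: int


def keygen() -> int:
    """KeyGen: random k_i in Z_p, kept non-zero so that 1/k_i exists."""
    return secrets.randbelow(P - 1) + 1


def encrypt(m: int, k_i: int) -> G1:
    """Enc: C = G^(m * k_i) in G_1."""
    return G1((m * k_i) % P)


def token(k_i: int, k_j: int) -> G1:
    """Token: T = G^(k_j / k_i); the division is the modular inverse of k_i."""
    return G1((k_j * pow(k_i, -1, P)) % P)


def pairing(a: G1, b: G1) -> G2:
    """e(G^x, G^y) = e(G, G)^(x*y): bilinearity is all the scheme uses."""
    return G2((a.exp * b.exp) % P)


def pre(c: G1, t: G1) -> G2:
    """Pre: C' = e(C, T) = e(G,G)^(m*k_i*k_j/k_i) = g^(m*k_j) in G_2."""
    if not isinstance(c, G1):
        raise TypeError("a re-encrypted ciphertext lives in G_2: it can be re-encrypted only once")
    return pairing(c, t)


def rekeyed_equal(m_r: int, k_r: int, m_s: int, k_s: int, k_c: int) -> bool:
    """Equi-join check: values under two group keys become comparable after both
    are temporarily re-encrypted to the shared key k_c (the DetPre values)."""
    return pre(encrypt(m_r, k_r), token(k_r, k_c)) == pre(encrypt(m_s, k_s), token(k_s, k_c))
```

Because the re-encrypted value is g^{m·k_j} regardless of the source key, rekeyed_equal returns True for equal plaintexts from R_A and R_AB and False otherwise, which is exactly the deterministic comparison the server needs for κ_c(r_i) = κ_c(s_j).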
57. EXECUTING COUNT DISTINCT
Adjust the keys of the virtual relations
– Re-encrypt to a common key
Example
(β γ_{CountDistinct(A_i)}(R), Alice) = κ_c(β) γ_{CountDistinct(κ_c(A_i))}(κ_c(R_A) ∪ κ_c(R_AB))
58. EXECUTING SET DIFFERENCE
Adjust the keys of the virtual relations
– Re-encrypt to a common key
Example
(R ∖ S, Alice) = {κ_c(t) | t ∈ (R_A ∨ R_AB) ∧ t ∉ (S_A ∨ S_AB)}
59. SUM
Example
On the server, compute:
Res(R_A) = Sum(R_A)
Res(R_AB) = Sum(R_AB)
On the client, compute:
F_Sum = Sum(Sum(R_A), Sum(R_AB))
60. AVERAGE
Replaced by the functions sum and count
Example
On the server, compute:
Res(R_A) = {Sum(R_A), Count(R_A)}
Res(R_AB) = {Sum(R_AB), Count(R_AB)}
On the client, compute:
F_Avg = (Sum(R_A) + Sum(R_AB)) / (Count(R_A) + Count(R_AB))
61. SORT
Example
On the server, compute:
Res(R_A) = Sort(R_A)
Res(R_AB) = Sort(R_AB)
On the client, compute:
F_Sort = MergeSortedLists(Sort(R_A), Sort(R_AB))
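Worked example (added here; not code from the ENKI paper or the slides): the client/server split of slides 33 to 36 and 59 to 61 for all five supported aggregations. The encryption of the partial results is deliberately left out so that the split itself is visible: the server computes Res(R_p) for each virtual relation separately and never merges across relations, and the client combines the decrypted partials with F_Agg. The block also keeps the wrong way to split AVERAGE (averaging the per-relation averages) next to the correct one, to show why the slides replace it by SUM and COUNT. The relation contents and all names are constructed for this example.

```python
# Added example (not code from the ENKI paper): the client/server split for the
# aggregates listed on the slides (maximum, minimum, sum, average, sort). The
# encryption of partial results is left out so the split itself is visible: the
# server only computes Res(R_p) per virtual relation, the client combines them
# after decryption. Relation contents and all names are constructed here.
import heapq
from typing import Dict, List, Tuple

# Constructed virtual relations of R that Alice may access (one numeric column).
R_A: List[int] = [12, 3, 27]
R_AB: List[int] = [9, 30, 4, 15]
ALICE_RELATIONS: Dict[str, List[int]] = {"R_A": R_A, "R_AB": R_AB}

SERVER_OPS = {"max": max, "min": min, "sum": sum, "count": len, "sort": sorted}


def rewrite(agg: str) -> Tuple[List[str], str]:
    """Query rewriting: sQ lists what the server computes per virtual relation,
    cQ names the client-side function. AVG is replaced by SUM and COUNT."""
    server_q = {"max": ["max"], "min": ["min"], "sum": ["sum"],
                "avg": ["sum", "count"], "sort": ["sort"]}[agg]
    return server_q, f"F_{agg}"


def server_execute(relations: Dict[str, List[int]], server_q: List[str]) -> Dict[str, Dict[str, object]]:
    """Res(R_p) for every virtual relation; no cross-relation merge on the server."""
    return {name: {op: SERVER_OPS[op](vals) for op in server_q}
            for name, vals in relations.items()}


def client_execute(agg: str, partials: Dict[str, Dict[str, object]]):
    """F_agg (the cQ part) over the decrypted partial results."""
    res = list(partials.values())
    if agg == "max":
        return max(r["max"] for r in res)
    if agg == "min":
        return min(r["min"] for r in res)
    if agg == "sum":
        return sum(r["sum"] for r in res)
    if agg == "avg":  # sums and counts combine exactly; averages would not
        return sum(r["sum"] for r in res) / sum(r["count"] for r in res)
    if agg == "sort":  # merge of already sorted lists, as on the slides
        return list(heapq.merge(*(r["sort"] for r in res)))
    raise ValueError(f"unsupported aggregate {agg}")


def run(agg: str, relations: Dict[str, List[int]] = ALICE_RELATIONS):
    """Full flow: rewrite -> server partials -> client finalisation."""
    server_q, _ = rewrite(agg)
    return client_execute(agg, server_execute(relations, server_q))


def avg_of_partial_avgs(relations: Dict[str, List[int]] = ALICE_RELATIONS) -> float:
    """The wrong split for AVG, kept to show why ENKI ships SUM and COUNT instead."""
    avgs = [sum(v) / len(v) for v in relations.values()]
    return sum(avgs) / len(avgs)
```

With the constructed data, run("avg") gives 100/7 while avg_of_partial_avgs() gives 14.25: the two virtual relations have different cardinalities, so only sums and counts combine exactly on the client.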
62. SYSTEM SETUP
The data owner
– Handles n users
– Defines the user group mapping
– Defines the virtual relation mapping
64. LOOK UP
Checks the user group mapping
– Groups the query issuer belongs to
Checks the virtual relation mapping
– Virtual relations used to answer the query
65. PROXY RE-ENCRYPTION
Queries containing
– Equi-join
– Set difference
– Count distinct
Adjust the keys of the virtual relations
– Temporary re-encryption to a shared key
Example
(R ⋈_{A_i = B_i} S, Alice) = {κ_c(r)κ_c(s) | r ∈ (R_A ∨ R_AB) ∧ s ∈ (S_A ∨ S_AB) ∧ κ_c(r_i) θ κ_c(s_j)}
66. QUERY ENCRYPTION
Encrypt the attributes used in the query
– Attributes accessible by the issuer
Example
(σ_{αθβ}(R), Alice) = σ_{κ_{r_a}(α) θ κ_{r_a}(β)}(κ_{r_a}(R_A)) ∧ σ_{κ_{r_ab}(α) θ κ_{r_ab}(β)}(κ_{r_ab}(R_AB))
                    = {κ_{r_a}(t) | t ∈ R_A ∧ κ_{r_a}(α) θ κ_{r_a}(β)} ∪ {κ_{r_ab}(t) | t ∈ R_AB ∧ κ_{r_ab}(α) θ κ_{r_ab}(β)}
67. QUERY REWRITING
Modifies the query
– Executed over virtual relations
Returns a query sQ
– Executed on the server
Can return an additional query cQ
– Executed on the client
Example
sQ: Sum(R_A), Count(R_A), Sum(R_AB), Count(R_AB)
cQ: F_Avg = (Sum(R_A) + Sum(R_AB)) / (Count(R_A) + Count(R_AB))
68. SERVER-SIDE EXECUTION
Executes the encrypted query sQ
Returns the encrypted results to the client
– If necessary, also returns cQ
Example
Res(R_A) = {Sum(R_A), Count(R_A)}
Res(R_AB) = {Sum(R_AB), Count(R_AB)}
69. CLIENT-SIDE EXECUTION
Receives the encrypted results
Decrypts them
Executes cQ if it exists
Example
F_Avg = (Sum(R_A) + Sum(R_AB)) / (Count(R_A) + Count(R_AB))
70. DYNAMIC ACCESS CONTROL POLICIES
Objects are encrypted with different keys
Busy user groups
– User groups associated with objects
– Non-empty object set
Access policies might change
– Granting or revoking rights
– Changes the busy user groups
71. USER HIERARCHY
User Hierarchy (U)
Given a set of users S = {s_1, ..., s_n}, a user hierarchy U is a pair (P*(S), ⪯) where P*(S) is the power set of S without the empty set and ⪯ is a partial order such that, for all sets of users p_i, p_j ∈ P*(S), p_i ⪯ p_j if p_j ⊆ p_i, for all i, j ∈ {1, ..., 2^n − 1}.
User dynamics change the hierarchy
– Adding or deleting users
72. ADDING USER s_{n+1}
Case 1
– The original busy group p_i^orig becomes not busy
– The new group (p_i^new ∪ s_{n+1}) is busy
Case 2
– The original busy group p_i^orig stays busy
– The new group (p_i^new ∪ s_{n+1}) is also busy
73. ADDING USER s_{n+1}: CASE 1
The busy group p_i^orig becomes non busy
The new group (p_i^new ∪ s_{n+1}) is busy
Solution
– Add the user to the object set
– Share the group key with user s_{n+1}
– O(p_i^orig) = O(p_i^orig ∪ s_{n+1})
74. ADDING USER s_{n+1}: CASE 2
The busy group p_i^orig stays busy
The new group (p_i^new ∪ s_{n+1}) is also busy
Solution
– s_{n+1} has access to a subset of the objects of p_i^orig
– Re-encrypt O(p_i^orig ∪ s_{n+1}) with a new key
– O(p_i^orig) = O(p_i^new) ∪ O(p_i^orig ∪ s_{n+1})
– O(p_i^new) ∩ O(p_i^orig ∪ s_{n+1}) = ∅
75. REVOKING RIGHTS OF USER s_n
Case 1
– A user s_n is revoked from all rights
Case 2
– A user s_n is revoked from a user group
Case 3
– A user s_n is revoked from certain objects
76. REVOKING USER s_n: CASE 1
A user s_n is revoked from all rights
– The hierarchy changes
Solution
– The busy group p_i^orig ∪ s_n is deleted
– Objects from p_i^orig ∪ s_n are accessible by p_i^orig
– Re-encrypt O(p_i^orig ∪ s_n) using the key of p_i^orig
– O(p_i^new) = O(p_i^orig) ∪ O(p_i^orig)
77. REVOKING USER s_n: CASE 2
A user s_n is revoked from a user group
– Does not change the hierarchy
– Changes the busy user groups
Solution
– Busy user group p_i^orig ∪ s_n becomes non busy
– Re-encrypt O(p_i^orig ∪ s_n) using the key of p_i^orig
– O(p_i^new) = O(p_i^orig ∪ s_n) ∪ O(p_i^orig)
78. REVOKING USER s_n: CASE 3
A user s_n is revoked from certain objects
Solution
– Busy group p_i^orig ∪ s_n is split into two: p_i^new ∪ s_n and p_i^new
– Re-encrypt O(p_i^new) using the key of p_i^orig
– O(p_i^orig ∪ s_n) = O(p_i^new ∪ s_n) ∪ O(p_i^new)
– O(p_i^new ∪ s_n) ∩ O(p_i^new) = ∅
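Worked example (added here; not code from the ENKI paper or the slides): the policy-change cases of slides 70 to 78 turned into the re-encryption work they imply. The block recomputes the busy groups before and after a change to the access control matrix and classifies every object set that moved: a group that stayed busy absorbs newly joined objects under its existing key (revocation cases 2 and 3), a superset group that took over all objects of a group that is no longer busy simply receives that group's key (adding-user case 1), and any other new busy group gets a fresh key (adding-user case 2 and the split in case 3). Group keys are represented by labels only; the matrix, the user Carol and all function names are constructed for this example.

```python
# Added example (not code from the ENKI paper): turning a change of the access
# control matrix into the re-encryption work the slides describe. Busy groups
# are recomputed from the matrix; group keys are represented only by labels.
# Matrix, user names and function names are constructed for this example.
from copy import deepcopy
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed starting matrix (the one on the slides).
OLD: Dict[str, Dict[str, int]] = {
    "Alice": {"t1": 0, "t2": 1, "t3": 1, "t4": 1, "t5": 1},
    "Bob":   {"t1": 1, "t2": 1, "t3": 0, "t4": 1, "t5": 0},
}


def label(group: FrozenSet[str]) -> str:
    """Group label from initials, e.g. {Alice, Carol} -> 'AC'."""
    return "".join(sorted(u[0] for u in group))


def partition(matrix: Dict[str, Dict[str, int]]) -> Dict[FrozenSet[str], Set[str]]:
    """Busy groups with their object sets: object o belongs to O(QS_o)."""
    out: Dict[FrozenSet[str], Set[str]] = {}
    for o in sorted({o for row in matrix.values() for o in row}):
        qs = frozenset(u for u, row in matrix.items() if row.get(o, 0) == 1)
        if not qs:
            raise ValueError(f"{o} would end up with an empty qualified set")
        out.setdefault(qs, set()).add(o)
    return out


def plan_change(old_matrix, new_matrix) -> Dict[str, List[Tuple[List[str], str]]]:
    """Re-encryption plan for moving from old_matrix to new_matrix."""
    old, new = partition(old_matrix), partition(new_matrix)
    old_group_of = {o: g for g, objs in old.items() for o in objs}
    keys = {g: f"key({label(g)})" for g in old}  # keys that already exist
    plan: Dict[str, List[Tuple[List[str], str]]] = {
        "share_key": [], "reencrypt_existing_key": [], "reencrypt_new_key": []}
    for grp, objs in new.items():
        if grp in old:
            # group still busy: only objects that newly joined it are re-encrypted,
            # under the key the group already has (revocation cases 2 and 3)
            moved = objs - old[grp]
            if moved:
                plan["reencrypt_existing_key"].append((sorted(moved), keys[grp]))
            continue
        sources = {old_group_of[o] for o in objs if o in old_group_of}
        src = next(iter(sources)) if len(sources) == 1 else None
        if src is not None and src not in new and src < grp and old[src] == objs:
            # adding-user case 1: p_orig is no longer busy and p_orig ∪ s_{n+1}
            # took over all of its objects, so the key is reused and shared
            plan["share_key"].append((sorted(grp - src), keys[src]))
        else:
            # a new busy group (adding-user case 2, or a split): fresh key
            plan["reencrypt_new_key"].append((sorted(objs), f"key({label(grp)})"))
    return plan


def with_row(matrix, user: str, rights: Dict[str, int]):
    """Copy of matrix with a new user row; unmentioned objects get 0."""
    m = deepcopy(matrix)
    m[user] = {o: rights.get(o, 0) for o in next(iter(matrix.values()))}
    return m


def revoke(matrix, user: str, obj: str):
    """Copy of matrix with one right removed (revocation case 3 on the slides)."""
    m = deepcopy(matrix)
    m[user][obj] = 0
    return m
```

Adding Carol with exactly Alice's private objects (t3, t5) yields only a share_key entry, adding her with t3 alone yields a new key for the group {Alice, Carol}, and revoking Bob from t4 moves t4 into the existing group {Alice} under that group's key; revoking Bob from t1 is rejected because t1 would be left with an empty qualified set.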